Replace BigFix Root CA by 3rd Party CA

Rav_28 · April 20, 2026, 11:44am

Hi Team,

Since BigFix supports replacing root CA with 3rd Party’s CA from v11.0.4, can someone please confirm whether they’ve tested it out and are there any challenges in making these changes. I would also like to know best practices if any around this replacement process.

Thanks,

Ravnish Singh

jbruns2017 · April 20, 2026, 3:18pm

Once this in in-place, threads like this will be easier.

Vote please.

DanieleColi · April 21, 2026, 8:36am

Setting your own CA is not difficult: follow the documentation and then the BigFix infrastructure will generate and deploy certificates up to clients.

The only attention points are:

at the moment, it supports self-signed root CA certificates or CA certificates signed directly by a root CA
multi-tier CA chains are not supported
both certificates and private keys are required in order to setup correctly the custom CA

@jbruns2017 , your Idea link is not visible to me…

jbruns2017 · April 24, 2026, 12:37pm

bigfix.ideas.hcl-software dot com

/ideas/BFP-I-577